By helper


2019-06-01 07:07:08 8 Comments

I have a OnePlus 6T. It is rooted by TWRP and Magisk. I have set ro.debuggable to 1. But when I type adb root it does this:

enter image description here

I cannot even use adb pull on system files.

1 comments

@Irfan Latif 2019-06-09 02:52:03

On a production (user) build of a ROM, you can't start adbd as root unless the ROM or at least the adbd binary is rebuilt with the required modifications. The reason is the ALLOW_ADBD_ROOT build flag (1, 2).
That's why adbd Insecure was developed, which replaced the adbd binary with a modified one.

On a userdebug or eng build (or with an insecure adbd binary extracted from any of these build types):

  • If ro.secure=0, adbd runs as root when enabled from Settings (Developer Options) (3). However, adb root won't work (4).
  • If ro.debuggable=1, adb root will restart adbd as root (5, 6).

However, adbd can be built from modified source code to skip all these checks. Additionally, SELinux should also be taken care of if it is in enforcing mode. adbd must be allowed to run in the unrestricted superuser context: u:r:su:s0 (7, 8), which isn't the case for user builds (9, 10, 11). See this answer for more details.

Android properties can be overwritten using /data/local.prop on userdebug/eng builds, i.e. if the ALLOW_LOCAL_PROP_OVERRIDE build flag is set (12, 13). But this doesn't work for ro.* properties (14), and the same is true for the setprop command-line tool. However, the default.prop / prop.default file - which could be located under multiple possible locations depending on the device build configuration (15) - can be modified to change read-only properties (if not already set from some other property file or *.rc file). If the file is in the ramdisk, boot.img needs to be modified.

Magisk's resetprop tool can reset the read-only properties even if they are already set. ro.secure and ro.debuggable both may have possibly been changed as a part of the MagiskHide policy (16), which you can revert to allow adbd to run as root.

Another related property is ro.adb.secure, which controls public key authentication. By setting ro.adb.secure=0 on userdebug/eng builds, authentication is skipped (no device unauthorized message ever) (17, 18, 19). Related: Storage location of “adb_keys”.

@bracco23 2019-08-13 09:55:54

As added info, the build type of the ROM can be found by looking at ro.build.type
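
The rules from the answer and comment above, applied to a `getprop` dump so a device's adbd exposure can be checked from its properties (an added example, not code from the original posts). It assumes the device runs the stock adbd binary for its build type and does not model SELinux; the function names and sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: predict adbd's root behaviour from `getprop` output,
# using only the rules stated in the answer above.

# prop_get NAME: read "[name]: [value]" lines on stdin, print NAME's value.
prop_get() {
    awk -v k="[$1]:" '$1 == k { v = $2; gsub(/^\[|\]$/, "", v); print v; exit }'
}

# adbd_root_verdict DUMP: DUMP is the text printed by `adb shell getprop`.
adbd_root_verdict() {
    v_type=$(printf '%s\n' "$1" | prop_get ro.build.type)
    v_secure=$(printf '%s\n' "$1" | prop_get ro.secure)
    v_debug=$(printf '%s\n' "$1" | prop_get ro.debuggable)
    case "$v_type" in
        userdebug|eng) ;;   # adbd built with ALLOW_ADBD_ROOT
        user) echo "no-root: user build, stock adbd ignores ro.debuggable=$v_debug"; return 0 ;;
        *) echo "unknown: ro.build.type not found"; return 0 ;;
    esac
    if [ "$v_debug" = 1 ]; then
        echo "adb-root: 'adb root' restarts adbd as root"
    elif [ "$v_secure" = 0 ]; then
        echo "root-at-start: adbd runs as root once enabled, 'adb root' does not work"
    else
        echo "no-root: ro.secure=$v_secure ro.debuggable=$v_debug keep adbd unprivileged"
    fi
}

# adb_auth_skipped DUMP: succeeds when public key authentication is skipped
# (ro.adb.secure=0 on a userdebug/eng build).
adb_auth_skipped() {
    a_type=$(printf '%s\n' "$1" | prop_get ro.build.type)
    a_sec=$(printf '%s\n' "$1" | prop_get ro.adb.secure)
    [ "$a_sec" = 0 ] && { [ "$a_type" = userdebug ] || [ "$a_type" = eng ]; }
}

# Constructed sample dumps (not captured from a real device).
SAMPLE_USER='[ro.build.type]: [user]
[ro.secure]: [1]
[ro.debuggable]: [1]
[ro.adb.secure]: [1]'
SAMPLE_DEBUG='[ro.build.type]: [userdebug]
[ro.secure]: [1]
[ro.debuggable]: [1]
[ro.adb.secure]: [0]'

adbd_root_verdict "$SAMPLE_USER"
adbd_root_verdict "$SAMPLE_DEBUG"
if adb_auth_skipped "$SAMPLE_DEBUG"; then echo "adb key authentication is skipped"; fi
```

The first sample mirrors the situation in the question: ro.debuggable reads 1, but the build type is user, so the verdict is still no-root.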
